.. / CVE-2022-31268

Exploit for Gitblit 1.9.3 - Local File Inclusion (CVE-2022-31268)

Description:

Gitblit 1.9.3 is vulnerable to local file inclusion via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname).

Nuclei Template

View the template here CVE-2022-31268.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-31268.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-31268
https://github.com/Marcuccio/kevin
https://github.com/metaStor/Vuls/blob/main/gitblit/gitblit%20V1.9.3%20path%20traversal/gitblit%20V1.9.3%20path%20traversal.md
https://github.com/20142995/sectool
https://vuldb.com/?id.200500